| import pytest |
| from starlette.requests import Request |
| from starlette.responses import Response |
|
|
| from landppt.auth import middleware as auth_middleware_module |
| from landppt.auth.middleware import AuthMiddleware |
|
|
|
|
| class _FakeUser: |
| def __init__(self, user_id: int = 1, is_admin: bool = False): |
| self.id = user_id |
| self.is_admin = is_admin |
|
|
|
|
| class _FakeAuthService: |
| def __init__(self, user=None): |
| self.user = user |
| self.session_calls = [] |
| self.api_key_calls = [] |
|
|
| def get_user_by_api_key(self, db, api_key): |
| self.api_key_calls.append(api_key) |
| return None |
|
|
| def get_user_by_session(self, db, session_id): |
| self.session_calls.append(session_id) |
| return self.user |
|
|
|
|
| def _build_request(path: str, cookie: str = "") -> Request: |
| headers = [] |
| if cookie: |
| headers.append((b"cookie", cookie.encode("utf-8"))) |
|
|
| scope = { |
| "type": "http", |
| "http_version": "1.1", |
| "method": "GET", |
| "scheme": "http", |
| "path": path, |
| "raw_path": path.encode("utf-8"), |
| "query_string": b"", |
| "headers": headers, |
| "client": ("127.0.0.1", 12345), |
| "server": ("testserver", 80), |
| } |
| return Request(scope) |
|
|
|
|
| async def _fake_cached_session_none(session_id): |
| return None |
|
|
|
|
| async def _fake_call_next(request: Request) -> Response: |
| return Response(content="ok", media_type="text/plain") |
|
|
|
|
| def _fake_get_db(): |
| yield object() |
|
|
|
|
| @pytest.mark.asyncio |
| async def test_public_page_populates_request_state_user_when_session_is_valid(monkeypatch): |
| middleware = AuthMiddleware() |
| middleware.auth_service = _FakeAuthService(user=_FakeUser(user_id=7)) |
| monkeypatch.setattr(middleware, "_get_user_from_session_cache", _fake_cached_session_none) |
| monkeypatch.setattr(auth_middleware_module, "get_db", _fake_get_db) |
|
|
| request = _build_request("/sponsors", "session_id=valid-session") |
| response = await middleware(request, _fake_call_next) |
|
|
| assert response.status_code == 200 |
| assert request.state.user is not None |
| assert request.state.user.id == 7 |
| assert middleware.auth_service.session_calls == ["valid-session"] |
|
|
|
|
| @pytest.mark.asyncio |
| async def test_public_page_skips_optional_auth_for_static_assets(monkeypatch): |
| middleware = AuthMiddleware() |
| middleware.auth_service = _FakeAuthService(user=_FakeUser(user_id=9)) |
| monkeypatch.setattr(middleware, "_get_user_from_session_cache", _fake_cached_session_none) |
| monkeypatch.setattr(auth_middleware_module, "get_db", _fake_get_db) |
|
|
| request = _build_request("/static/images/logo.png", "session_id=valid-session") |
| response = await middleware(request, _fake_call_next) |
|
|
| assert response.status_code == 200 |
| assert request.state.user is None |
| assert middleware.auth_service.session_calls == [] |
|
|